On Tue, 24 Aug 2004 02:04, Stephen Smalley <sds@xxxxxxxxxxxxxx> wrote: > On Mon, 2004-08-23 at 11:31, Tom London wrote: > > Latest Rawhide policy seems to 'reverse the labeling' of programs > > started from xinetd, like in.comsat, ... (strict/enforcing) > > inetd.fc entries removed at Russell's request, as the inetd_child_t > domain wasn't sufficient anyway to allow those programs to run properly, > and labeling them inetd_child_exec_t merely masked the lack of proper > security domains for those programs and encouraged bleeding permissions > into inetd_child_t. Some of those programs need to have policy written for them. Some need to be re-written, reconfigured, or replaced. At least now they won't be forgotten. Tom, if you would like to contribute policy for any of these... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
